FBI Informant Behind Attack Against Turkish Government

Court records reveal that the sting operation used to arrest wanted hacker Jeremy Hammond involved an FBI informant known online as Sabu. The Daily Dot’s weekly magazine Kernel reports that the high-profile attacks Hammond was arrested for included an attack against Turkish government websites in alliance with Turkish hacking group RedHack. According to court records, “Sabu” (officially Hector Xavier Monsegur) supplied Hammond and RedHack with security vulnerabilities in Turkish government websites while under strict FBI surveillance.


Photo: GlebStock / Shutterstock

Monsegur, co-founder of hacking organization LulzSec, was arrested in 2011 for his involvement in various cybercrimes. Facing 20 years in prison, Monsegur opted instead to cooperate with the FBI’s attempts to take down key members of Anonymous. According to Kernel reporter Kevin Collier, Monsegur’s decision to become an informant was possibly influenced by his role as guardian to his two nieces.

Shortly after, Monsegur aided in the arrests of eight wanted hackers and was involved in cyber attacks against a series of organizations including security company Strategic Forecasting (StratFor). Since his arrest in 2011, Monsegur had been involved in cyber attacks against governments in Iran, Syria, Brazil, Pakistan, and Iraq.

Recent documents confirm that Monsegur, acting online as Sabu, supplied Hammond and other hackers with vulnerabilities in Turkish government websites during his seven months of incarceration.

Although there are no records of the FBI explicitly telling Monsegur to lead cyber attacks against Turkey, they had previously stated in court that they were actively monitoring his online activity while he was in prison.

According to Kernel, this behavior reveals “implied consent” from the FBI. The released court documents concerning Monsegur’s role in the sting operation used to arrest Hammond call into question the FBI’s tactics, both against other nations as well as those it seeks to capture.

Monsegur supplied Hammond with potential targets in multiple encrypted chats. In 2012, he actively directed Hammond to take action against government websites in Turkey just two months before Hammond’s arrest, providing him with vulnerabilities for “hundreds of websites.” Monsegur allied his group AntiSec (of which Hammond was also a member) with Turkish RedHack, frequently pressing RedHack members to include Hammond on their plans and even insisting that they take him into their team. An anonymous RedHack member told The Daily Dot, “Hammond was used, like a soldier.”

While in prison, however, Hammond told reporter Collier that it was “Sabu” who was losing the group’s interest:

Sabu was never that important. I was doing the hacking. I was writing the press releases. He was just a mouth, bragging on Twitter. He talked, but he’s not that skilled. We were already cutting him out.

The FBI had been seeking Hammond long before Monsegur became an informant. A painstaking series of connecting the dots between multiple online pseudonyms first connected wanted hacker “Anarchaos” with other usernames “POW,” “yohoho,” and “sup_g.” Eventually, personal habits and political involvement (such as “freeganism,” or dumpster-diving, and protesting at a Republican National Convention) led the FBI to activist Jeremy Hammond. As a public figure, Hammond was known for advocating “electronic civil disobedience” at DEF-CON.

In the attacks against the Turkish government, Monsegur acted as Sabu to contact Hammond under the pseudonym sup_g. Together they expressed their admiration for Turkey-based RedHack, who are reported to be “politically-motivated” hackers. This operation eventually led to Hammond’s arrest. The court documents, which had been withheld from the public, illustrate how Monsegur acted with apparent FBI knowledge to illegally acquire information in a successful attempt to engage Hammond in similarly illegal acts. Kernel reporter Collier charges the FBI with its involvement in this illicit activity:

Peggy Cross-Goldenberg, one of Sabu’s attorneys, told the court during his sentencing hearing that the FBI “tracked everything [Monsegur] typed with a key-logging program” and installed a camera in his house. As such, it appears the FBI was explicitly involved in orchestrating the very same computer crimes that hackers are routinely charged for.

It is not presently known whether the FBI plans to use the information Monsegur and Hammond obtained from their cyberattacks against the Turkish government.